From ff45b8ccc61ff64c24c3286431b60f05534e120d Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Sun, 24 Jul 2011 19:16:52 +0200
Subject: [PATCH] [BUG] stream_sock: ensure orphan listeners don't accept too
 many connections

For listeners that are not bound to a frontend, the limit on the
number of accepted connections is tested at the end of the accept()
loop, but we don't break out of the loop, meaning that if more
connections than what the listener allows are available and if this
is less than the proxy's limits and within the size of a batch, then
they could be accepted. In practice, this problem currently cannot
appear since all listeners are bound to a frontend, and it's a very
minor issue anyway.

1.4 has the same issue (which cannot happen there either), but there
is some code after it, so it's the code cleanup which revealed it.
---
 src/stream_sock.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/stream_sock.c b/src/stream_sock.c
index dc04d35b4..c5cd1e5a8 100644
--- a/src/stream_sock.c
+++ b/src/stream_sock.c
@@ -1293,6 +1293,7 @@ int stream_sock_accept(int fd)
 		if (l->nbconn >= l->maxconn) {
 			EV_FD_CLR(l->fd, DIR_RD);
 			l->state = LI_FULL;
+			return 0;
 		}
 	} /* end of while (p->feconn < p->maxconn) */
 	return 0;